Configuring GroupVPN Policy on the SonicWALL

ŠVPN Terminated at the LAN, OPT/DMZ/WLAN, or LAN/OPT/DMZ/WLAN - Selecting this option allows you to terminate a VPN tunnel on a specific destination instead of allowing the VPN tunnel to terminate on the entire SonicWALL network. By terminating the VPN tunnel to a specific destination, the VPN tunnel has access to a specific portion of the destination LAN or OPT/DMZ/WLAN network.

ŠRequire Authentication of VPN Clients via XAUTH - requires that all inbound traffic on this SA is from an authenticated user. Unauthenticated traffic is not allowed on the VPN tunnel.

10Click on the Client tab and select any of the following boxes that you want to apply to Global VPN Client provisioning:

Cache XAUTH User Name and Password - Allows Global VPN Client to cache any username and password required for XAUTH user authentication. The drop-down list provides the following options:

ŠNever - Global VPN Client is not allowed to cache username and password. The user will be prompted for a username and password when the connection is enabled and also every time there is an IKE phase 1 rekey.

ŠSingle Session - The user will be prompted for username and password each time the connection is enabled and will be valid until the connection is disabled. This username and password is used through IKE phase 1 rekey.

ŠAlways - The user will be prompted for username and password only once when connection is enabled. When prompted, the user will be given the option of caching the username and password.

Virtual Adapter Settings - The use of the Virtual Adapter by the Global VPN Client (GVC) has always been dependent upon a DHCP server, either the internal SonicOS or a specified external DHCP server, to allocate addresses to the Virtual Adapter. In instances where predictable addressing was a requirement, it was necessary to obtain the MAC address of the Virtual Adapter, and to create a DHCP lease reservation.

To reduce the administrative burden of providing predictable Virtual Adapter addressing, you can configure the GroupVPN to accept static addressing of the Virtual Adapter's IP configuration. This feature requires the use of GVC version 3.0 or later.

ŠNone - A Virtual Adapter will not be used by this GroupVPN connection.

ŠDHCP Lease - The Virtual Adapter will obtain its IP configuration from the DHCP Server only, as configure in the VPN > DHCP over VPN page.

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE

211

Page 230
Image 230
SonicWALL 3 manual 211